One of the biggest mistakes a company that experiences a data breach can make is to downplay the size of the breach and its effect on the victims, said attorney Jamie Sheller at the HB Litigation Conferences Second Annual NetDiligence® Cyber Risk & Privacy Liability Forum on June 9 in Philadelphia.
Sheller, a plaintiff’s attorney with Sheller, P.C. in Philadelphia said that downplaying the magnitude of a breach “inflames the victims” and “inflames the courts” when the real statistics are revealed to the government.
Defense attorney John Mullen of Nelson, Levine, de Luca & Horst in Philadelphia, who also sat on the panel, said that companies need to assume there’s going to be litigation when a data breach takes place. He suggested that companies be sure to make the “right deals with the right vendors” to provide credit monitoring to victims before a breach takes place and to avoid “panic buying” when it does.
“Even if you provide the best package [to victims] you’re not going to stop anyone from suing you,” he said.
Panelist Richard Bortnick, a defense attorney with Cozen & O’Connor in Conshohocken, PA, said there are three typical scenarios in data breach cases—first, where the company assumes the risk of the breach before it occurs; second, where the company purchases data breach insurance coverage; and third, where the company has done nothing to prepare for a breach.
He said that the last scenario occurs in the “majority of cases.”
Bortnick also stated that the issue of cyber security is “in the cross-hairs of the federal government,” not only of the United States, but other countries throughout the world.
“This is a global, international problem,” he said.